Universities hit by Data Protection Fines

Two Universities in South Korea have been fined for Personal Data Breaches with penalties amounting to $459000 (Jeobunk National university) and $253 million (Ewha University) following personal data breach .

On July 28, 2024, the personal information of over 320,000 students and graduates of Jeonbuk National University was leaked. The university said that the names, phone numbers, email addresses and other details of students and graduates had been exposed in the breach. The cause was traced to lack of adequate information security measures including not implementing appropriate data retention measures based on existence of legal basis for processing.

In a similar case, the personal information of over 83,000 students and graduates of Ewha Womans University, also including RRNs, was leaked on Sept. 3, 2024.

On top of imposing monetary penalties, the data protection authority of South Korea ordered the two universities to make their violations public by making official announcements on their websites, inspect their information security systems and establish round-the-clock monitoring systems.

Last year the South Korean agency had also imposed fines on Kyungsung University (KRW 42.8 million) and Soonchunhyang University (KRW 193 million) highlighting the vulnerabilities of such organizations.

The news papers report that the commission also advised additional penalties to the personnel in charge.

These incidents highlight the risks that Indian educational institutions in India also run. Most of these institutions hold enormous data not adequately secured. Not many of them have thought of any implementation of DPDPA.

It is time for such organizations to wake up…and be ready for DPDPA.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.